diff --git a/src/provision.js b/src/provision.js index b3fa07e1c..9ba32c5e3 100644 --- a/src/provision.js +++ b/src/provision.js @@ -138,11 +138,11 @@ async function activate(username, password, email, displayName, ip, auditSource) debug(`activate: user: ${username} email:${email}`); - const [error, userObject] = await safe(users.createOwner(email, username, password, displayName, auditSource)); + const [error, ownerId] = await safe(users.createOwner(email, username, password, displayName, auditSource)); if (error && error.reason === BoxError.ALREADY_EXISTS) throw new BoxError(BoxError.CONFLICT, 'Already activated'); if (error) throw error; - const token = { clientId: tokens.ID_WEBADMIN, identifier: userObject.id, expires: Date.now() + constants.DEFAULT_TOKEN_EXPIRATION_MSECS }; + const token = { clientId: tokens.ID_WEBADMIN, identifier: ownerId, expires: Date.now() + constants.DEFAULT_TOKEN_EXPIRATION_MSECS }; const result = await tokens.add(token); eventlog.add(eventlog.ACTION_ACTIVATE, auditSource, {}); @@ -150,7 +150,7 @@ async function activate(username, password, email, displayName, ip, auditSource) setImmediate(cloudron.onActivated.bind(null, {}, NOOP_CALLBACK)); return { - userId: userObject.id, + userId: ownerId, token: result.accessToken, expires: result.expires }; diff --git a/src/test/common.js b/src/test/common.js index 161877578..ecba976d3 100644 --- a/src/test/common.js +++ b/src/test/common.js @@ -73,7 +73,8 @@ const ADMIN = { groupIds: [], role: 'owner', source: '', - avatar: constants.AVATAR_GRAVATAR + avatar: constants.AVATAR_GRAVATAR, + active: true, }; const USER = { @@ -90,7 +91,8 @@ const USER = { displayName: '', source: '', permissions: null, - avatar: constants.AVATAR_NONE + avatar: constants.AVATAR_NONE, + active: true, }; const APP = { @@ -113,6 +115,7 @@ const APP = { exports = module.exports = { createTree, + domainSetup, setup, cleanup, 
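Review bot: The activation audit record in the first src/provision.js hunk is still written with an empty details object, `eventlog.add(eventlog.ACTION_ACTIVATE, auditSource, {});`, although the new owner's id is now directly available as `ownerId`. Passing it along, for example `eventlog.add(eventlog.ACTION_ACTIVATE, auditSource, { userId: ownerId });`, would let the event log tie the activation to the account that was created. Whether `auditSource` already carries that id, or what shape eventlog expects for details, is not visible here, so confirm before changing it. The body of `activate` starts and ends outside the hunk.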
@@ -156,7 +159,7 @@ function createTree(root, obj) { createSubTree(obj, root); } -function setup(done) { +function domainSetup(done) { nock.cleanAll(); async.series([ @@ -167,6 +170,12 @@ function setup(done) { settings.initCache, blobs.initSecrets, domains.add.bind(null, DOMAIN.domain, DOMAIN, AUDIT_SOURCE), + ], done); +} + +function setup(done) { + async.series([ + domainSetup, async function createOwner() { const result = await users.createOwner(ADMIN.email, ADMIN.username, ADMIN.password, ADMIN.displayName, AUDIT_SOURCE); ADMIN.id = result.id; @@ -193,3 +202,4 @@ function cleanup(done) { database.uninitialize ], done); } + diff --git a/src/test/users-test.js b/src/test/users-test.js index cd3ae449e..ef99ba544 100644 --- a/src/test/users-test.js +++ b/src/test/users-test.js 
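Review bot: In the `setup` hunk of src/test/common.js the unchanged `createOwner` step still reads `ADMIN.id = result.id;`, while the src/provision.js hunk in this same commit treats the resolved value of `users.createOwner` as the id itself (`ownerId`). If that is the new contract, `result.id` is `undefined` here and every test that relies on `ADMIN.id` after `setup` would look up or verify against an undefined id. The step should likely become `ADMIN.id = await users.createOwner(ADMIN.email, ADMIN.username, ADMIN.password, ADMIN.displayName, AUDIT_SOURCE);`. The rest of the `async.series` list in `setup` lies outside the hunk, so later steps that use `result` could not be checked.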
@@ -5,1079 +5,800 @@ 'use strict'; -const async = require('async'), - BoxError = require('../boxerror.js'), - database = require('../database.js'), +const BoxError = require('../boxerror.js'), + common = require('./common.js'), expect = require('expect.js'), fs = require('fs'), - mailboxdb = require('../mailboxdb.js'), - mailer = require('../mailer.js'), paths = require('../paths.js'), - provision = require('../provision.js'), safe = require('safetydance'), - userdb = require('../userdb.js'), users = require('../users.js'), _ = require('underscore'); -var USERNAME = 'noBody'; -var USERNAME_NEW = 'noBodyNew'; -var EMAIL = 'else@no.body'; -var EMAIL_NEW = 'noBodyNew@no.body'; -var PASSWORD = 'sTrOnG#$34134'; -var NEW_PASSWORD = 'oTHER@#$235'; -var DISPLAY_NAME = 'Nobody cares'; -var DISPLAY_NAME_NEW = 'Somone cares'; -var userObject = null; -var AUDIT_SOURCE = { ip: '1.2.3.4', userId: 'someuserid' }; +describe('User', function () { + const { domainSetup, cleanup, ADMIN, AUDIT_SOURCE } = common; -var USER_1 = { - id: 'uuid1', - username: 'uuid1', - password: 'secret', - email: 'safe2@me.com', - fallbackEmail: 'safer2@me.com', - salt: 'tata', - resetToken: '', - displayName: 'Herbert 1', - twoFactorAuthenticationEnabled: false, - twoFactorAuthenticationSecret: '', - role: 'user', - active: true, - source: '', - loginLocations: [], - avatar: constants.AVATAR_GRAVATAR -}; - -var USER_2 = { - id: 'uuid2', - username: 'uuid2', - password: 'secret', - email: 'safe3@me.com', - fallbackEmail: 'safer3@me.com', - salt: 'tata', - resetToken: '', - displayName: 'Herbert 2', - twoFactorAuthenticationEnabled: false, - twoFactorAuthenticationSecret: '', - role: 'user', - active: true, - source: '', - loginLocations: [], - avatar: constants.AVATAR_NONE -}; - -const DOMAIN_0 = { - domain: 'example.com', - zoneName: 'example.com', - provider: 'manual', - config: {}, - fallbackCertificate: null, - tlsConfig: { provider: 'fallback' }, - wellKnown: null -}; - -function cleanupUsers(done) 
{ - mailer._mailQueue = []; - - async.series([ - userdb._clear, - mailboxdb._clear, - ], done); -} - -function createOwner(done) { - users.createOwner(USERNAME, PASSWORD, EMAIL, DISPLAY_NAME, AUDIT_SOURCE, function (error, result) { - expect(error).to.not.be.ok(); - expect(result).to.be.ok(); - - userObject = result; - - done(null, userObject); - }); -} - -function setup(done) { - mailer._mailQueue = []; - - async.series([ - database.initialize, - database._clear, - provision.setup.bind(null, DOMAIN_0, { provider: 'generic' }, AUDIT_SOURCE), - ], done); -} - -function cleanup(done) { - mailer._mailQueue = []; - - async.series([ - database._clear, - database.uninitialize - ], done); -} - -function checkMails(number, options, callback) { - if (typeof options === 'function') { - callback = options; - options = null; + async function cleanupUsers() { + for (const u of await users.getAll()) { + await users.del(u, AUDIT_SOURCE); + } } - // mails are enqueued async - setTimeout(function () { - expect(mailer._mailQueue.length).to.equal(number); + async function createOwner() { + await cleanupUsers(); - if (options && options.sentTo) expect(mailer._mailQueue.some(function (mail) { return mail.to === options.sentTo; })); + const id = await users.add(ADMIN.email, ADMIN, AUDIT_SOURCE); + ADMIN.id = id; + } - mailer._mailQueue = []; - - callback(); - }, 500); -} - -describe('User', function () { - before(setup); + before(domainSetup); after(cleanup); - describe('user', function () { - function validateUser(a, b) { - expect(a.creationTime).to.be.a(Date); - expect(a.resetTokenCreationTime).to.be.a(Date); - expect(_.omit(b, ['avatar'])).to.be.eql(_.omit(a, ['creationTime', 'resetTokenCreationTime'])); - } + function checkUser(a, b) { + expect(a.creationTime).to.be.a(Date); + expect(a.resetTokenCreationTime).to.be.a(Date); - it('can add user', function (done) { - userdb.add(USER_0.id, USER_0, done); + const fields = [ 'id', 'username', 'email', 'fallbackEmail', 'role', 
'displayName', 'source', 'permissions', 'active' ]; + + expect(_.pick(a, fields)).to.be.eql(_.pick(b, fields)); + } + + describe('add', function () { + it('fails due to short password', async function () { + const user = Object.assign({}, ADMIN, { password: 'Fo$%23' }); + const [error] = await safe(users.add(user.email, user, AUDIT_SOURCE)); + expect(error.reason).to.equal(BoxError.BAD_FIELD); }); - it('can add another user', function (done) { - userdb.add(USER_1.id, USER_1, done); + it('fails due to reserved username', async function () { + const user = Object.assign({}, ADMIN, { username: 'admin' }); + const [error] = await safe(users.add(user.email, user, AUDIT_SOURCE)); + expect(error.reason).to.equal(BoxError.BAD_FIELD); }); - it('can add another user with empty username', function (done) { - userdb.add(USER_2.id, USER_2, done); + it('fails due to invalid username', async function () { + const user = Object.assign({}, ADMIN, { username: 'moo+daemon' }); + const [error] = await safe(users.add(user.email, user, AUDIT_SOURCE)); + expect(error.reason).to.equal(BoxError.BAD_FIELD); }); - it('cannot add user with same email again', function (done) { - var tmp = JSON.parse(JSON.stringify(USER_0)); - tmp.id = 'somethingelse'; - tmp.username = 'somethingelse'; - tmp.avatar = constants.AVATAR_GRAVATAR; - - userdb.add(tmp.id, tmp, function (error) { - expect(error).to.be.ok(); - expect(error.reason).to.be(BoxError.ALREADY_EXISTS); - expect(error.message).to.equal('email already exists'); - done(); - }); + it('fails due to empty username', async function () { + const user = Object.assign({}, ADMIN, { username: '' }); + const [error] = await safe(users.add(user.email, user, AUDIT_SOURCE)); + expect(error.reason).to.equal(BoxError.BAD_FIELD); }); - it('cannot add user with same username again', function (done) { - var tmp = JSON.parse(JSON.stringify(USER_0)); - tmp.id = 'somethingelse'; - tmp.email = 'somethingelse@not.taken'; - tmp.avatar = constants.AVATAR_GRAVATAR; - - 
userdb.add(tmp.id, tmp, function (error) { - expect(error).to.be.ok(); - expect(error.reason).to.be(BoxError.ALREADY_EXISTS); - expect(error.message).to.equal('username already exists'); - done(); - }); + it('fails due to long username', async function () { + const user = Object.assign({}, ADMIN, { username: new Array(257).fill('Z').join('') }); + const [error] = await safe(users.add(user.email, user, AUDIT_SOURCE)); + expect(error.reason).to.equal(BoxError.BAD_FIELD); }); - it('can get by user id', function (done) { - userdb.get(USER_0.id, function (error, user) { - expect(error).to.not.be.ok(); - - validateUser(user, USER_0); - - done(); - }); + it('fails due to reserved app pattern', async function () { + const user = Object.assign({}, ADMIN, { username: 'maybe.app' }); + const [error] = await safe(users.add(user.email, user, AUDIT_SOURCE)); + expect(error.reason).to.equal(BoxError.BAD_FIELD); }); - it('can get by user name', function (done) { - userdb.getByUsername(USER_0.username, function (error, user) { - expect(error).to.not.be.ok(); - - validateUser(user, USER_0); - - done(); - }); + it('fails because password is empty', async function () { + const user = Object.assign({}, ADMIN, { password: '' }); + const [error] = await safe(users.add(user.email, user, AUDIT_SOURCE)); + expect(error.reason).to.equal(BoxError.BAD_FIELD); }); - it('can get by email', function (done) { - userdb.getByEmail(USER_0.email, function (error, user) { - expect(error).to.not.be.ok(); - - validateUser(user, USER_0); - - done(); - }); + it('can add user', async function () { + const id = await users.add(ADMIN.email, ADMIN, AUDIT_SOURCE); + ADMIN.id = id; }); - it('getByResetToken fails for empty resetToken', function (done) { - userdb.getByResetToken('', function (error, user) { - expect(error).to.be.ok(); - expect(error.reason).to.be(BoxError.NOT_FOUND); - expect(user).to.not.be.ok(); - done(); - }); + it('cannot add user with same email again', async function () { + const [error] = 
await safe(users.add(ADMIN.email, ADMIN, AUDIT_SOURCE)); + expect(error.reason).to.be(BoxError.ALREADY_EXISTS); + expect(error.message).to.equal('email already exists'); }); - it('getByResetToken fails for invalid resetToken', function (done) { - userdb.getByResetToken('invalid', function (error, user) { - expect(error).to.be.ok(); - expect(error.reason).to.be(BoxError.NOT_FOUND); - expect(user).to.not.be.ok(); - done(); - }); - }); - - it('can get by resetToken', function (done) { - userdb.getByResetToken(USER_0.resetToken, function (error, user) { - expect(error).to.not.be.ok(); - - validateUser(user, USER_0); - - done(); - }); - }); - - it('can get all with group ids', function (done) { - userdb.getAllWithGroupIds(function (error, all) { - expect(error).to.not.be.ok(); - expect(all.length).to.equal(3); - - var userCopy; - - userCopy = _.extend({}, USER_0); - userCopy.groupIds = [ ]; - validateUser(all[0], userCopy); - - userCopy = _.extend({}, USER_1); - userCopy.groupIds = [ ]; - validateUser(all[1], userCopy); - - userCopy = _.extend({}, USER_2); - userCopy.groupIds = [ ]; - validateUser(all[2], userCopy); - - done(); - }); - }); - - it('can get all with group ids paged', function (done) { - userdb.getAllWithGroupIdsPaged(null, 1, 2, function (error, all) { - expect(error).to.not.be.ok(); - expect(all.length).to.equal(2); - - var userCopy; - - userCopy = _.extend({}, USER_0); - userCopy.groupIds = []; - validateUser(all[0], userCopy); - - userCopy = _.extend({}, USER_1); - userCopy.groupIds = []; - validateUser(all[1], userCopy); - - userdb.getAllWithGroupIdsPaged(null, 2, 2, function (error, all) { - expect(error).to.not.be.ok(); - expect(all.length).to.equal(1); - - var userCopy; - - userCopy = _.extend({}, USER_2); - userCopy.groupIds = []; - validateUser(all[0], userCopy); - - done(); - }); - }); - }); - - it('can get all with group ids paged and search', function (done) { - userdb.getAllWithGroupIdsPaged('id1', 1, 2, function (error, all) { - 
expect(error).to.not.be.ok(); - expect(all.length).to.equal(1); - - var userCopy; - - userCopy = _.extend({}, USER_1); - userCopy.groupIds = []; - validateUser(all[0], userCopy); - - done(); - }); - }); - - it('can get all admins', function (done) { - userdb.getByRole('owner', function (error) { - expect(error).to.be.ok(); - expect(error.reason).to.be(BoxError.NOT_FOUND); - done(); - }); - }); - - it('counts the users', function (done) { - userdb.count(function (error, count) { - expect(error).to.not.be.ok(); - expect(count).to.equal(3); - done(); - }); - }); - - it('can get all users', function (done) { - userdb.getByRole('user', function (error, all) { - expect(error).to.not.be.ok(); - expect(all.length).to.equal(3); - done(); - }); - }); - - it('can update the user', function (done) { - userdb.update(USER_0.id, { email: 'some@thing.com', displayName: 'Heiter' }, function (error) { - expect(error).to.not.be.ok(); - userdb.get(USER_0.id, function (error, user) { - expect(user.email).to.equal('some@thing.com'); - expect(user.displayName).to.equal('Heiter'); - done(); - }); - }); - }); - - it('can update the user with already existing email', function (done) { - userdb.update(USER_0.id, { email: USER_2.email }, function (error) { - expect(error).to.be.ok(); - expect(error.reason).to.be(BoxError.ALREADY_EXISTS); - expect(error.message).to.equal('email already exists'); - done(); - }); - }); - - it('can update the user with already existing username', function (done) { - userdb.update(USER_0.id, { username: USER_2.username }, function (error) { - expect(error).to.be.ok(); - expect(error.reason).to.be(BoxError.ALREADY_EXISTS); - expect(error.message).to.equal('username already exists'); - done(); - }); - }); - - it('cannot update with null field', function () { - expect(function () { - userdb.update(USER_0.id, { email: null }, function () {}); - }).to.throwError(); + it('cannot add user with same username again', async function () { + const [error] = await 
safe(users.add('somethingelse@not.taken', ADMIN, AUDIT_SOURCE)); + expect(error.reason).to.be(BoxError.ALREADY_EXISTS); + expect(error.message).to.equal('username already exists'); }); }); - describe('create', function() { - before(cleanupUsers); - after(cleanupUsers); - - it('fails due to short password', function (done) { - users.create(USERNAME, 'Fo$%23', EMAIL, DISPLAY_NAME, { }, AUDIT_SOURCE, function (error, result) { - expect(error).to.be.ok(); - expect(result).to.not.be.ok(); - expect(error.reason).to.equal(BoxError.BAD_FIELD); - - done(); - }); + describe('get', function () { + it('can get by user id', async function () { + const result = await users.get(ADMIN.id); + checkUser(result, ADMIN); }); - it('fails due to reserved username', function (done) { - users.create('admin', PASSWORD, EMAIL, DISPLAY_NAME, { }, AUDIT_SOURCE, function (error, result) { - expect(error).to.be.ok(); - expect(result).to.not.be.ok(); - expect(error.reason).to.equal(BoxError.BAD_FIELD); - - done(); - }); + it('cannot get by bad user id', async function () { + const result = await users.get('random'); + expect(result).to.be(null); }); - it('fails due to invalid username', function (done) { - users.create('moo+daemon', PASSWORD, EMAIL, DISPLAY_NAME, { }, AUDIT_SOURCE, function (error, result) { - expect(error).to.be.ok(); - expect(result).to.not.be.ok(); - expect(error.reason).to.equal(BoxError.BAD_FIELD); - - done(); - }); + it('can get by user name', async function () { + const result = await users.getByUsername(ADMIN.username); + checkUser(result, ADMIN); }); - it('fails due to short username', function (done) { - users.create('', PASSWORD, EMAIL, DISPLAY_NAME, { }, AUDIT_SOURCE, function (error, result) { - expect(error).to.be.ok(); - expect(result).to.not.be.ok(); - expect(error.reason).to.equal(BoxError.BAD_FIELD); - - done(); - }); - }); - - it('fails due to long username', function (done) { - users.create(new Array(257).fill('Z').join(''), PASSWORD, EMAIL, DISPLAY_NAME, { 
}, AUDIT_SOURCE, function (error, result) { - expect(error).to.be.ok(); - expect(result).to.not.be.ok(); - expect(error.reason).to.equal(BoxError.BAD_FIELD); - - done(); - }); - }); - - it('fails due to reserved app pattern', function (done) { - users.create('maybe.app', PASSWORD, EMAIL, DISPLAY_NAME, { }, AUDIT_SOURCE, function (error, result) { - expect(error).to.be.ok(); - expect(result).to.not.be.ok(); - expect(error.reason).to.equal(BoxError.BAD_FIELD); - - done(); - }); - }); - - it('succeeds', function (done) { - users.createOwner(USERNAME, PASSWORD, EMAIL, DISPLAY_NAME, AUDIT_SOURCE, function (error, result) { - expect(error).not.to.be.ok(); - expect(result).to.be.ok(); - expect(result.username).to.equal(USERNAME.toLowerCase()); - expect(result.email).to.equal(EMAIL.toLowerCase()); - expect(result.fallbackEmail).to.equal(EMAIL.toLowerCase()); - - done(); - }); - }); - - it('fails because user exists', function (done) { - users.create(USERNAME, PASSWORD, EMAIL, DISPLAY_NAME, { }, AUDIT_SOURCE, function (error, result) { - expect(error).to.be.ok(); - expect(result).not.to.be.ok(); - expect(error.reason).to.equal(BoxError.ALREADY_EXISTS); - - done(); - }); - }); - - it('fails because password is empty', function (done) { - users.create(USERNAME, '', EMAIL, DISPLAY_NAME, { }, AUDIT_SOURCE, function (error, result) { - expect(error).to.be.ok(); - expect(result).not.to.be.ok(); - expect(error.reason).to.equal(BoxError.BAD_FIELD); - - done(); - }); + it('can get by email', async function () { + const result = await users.getByEmail(ADMIN.email); + checkUser(result, ADMIN); }); }); + // describe('user', function () { + + + // it('getByResetToken fails for empty resetToken', function (done) { + // userdb.getByResetToken('', function (error, user) { + // expect(error).to.be.ok(); + // expect(error.reason).to.be(BoxError.NOT_FOUND); + // expect(user).to.not.be.ok(); + // done(); + // }); + // }); + + // it('getByResetToken fails for invalid resetToken', function 
(done) { + // userdb.getByResetToken('invalid', function (error, user) { + // expect(error).to.be.ok(); + // expect(error.reason).to.be(BoxError.NOT_FOUND); + // expect(user).to.not.be.ok(); + // done(); + // }); + // }); + + // it('can get by resetToken', function (done) { + // userdb.getByResetToken(USER_0.resetToken, function (error, user) { + // expect(error).to.not.be.ok(); + + // validateUser(user, USER_0); + + // done(); + // }); + // }); + + // it('can get all with group ids', function (done) { + // userdb.getAllWithGroupIds(function (error, all) { + // expect(error).to.not.be.ok(); + // expect(all.length).to.equal(3); + + // var userCopy; + + // userCopy = _.extend({}, USER_0); + // userCopy.groupIds = [ ]; + // validateUser(all[0], userCopy); + + // userCopy = _.extend({}, USER_1); + // userCopy.groupIds = [ ]; + // validateUser(all[1], userCopy); + + // userCopy = _.extend({}, USER_2); + // userCopy.groupIds = [ ]; + // validateUser(all[2], userCopy); + + // done(); + // }); + // }); + + // it('can get all with group ids paged', function (done) { + // userdb.getAllWithGroupIdsPaged(null, 1, 2, function (error, all) { + // expect(error).to.not.be.ok(); + // expect(all.length).to.equal(2); + + // var userCopy; + + // userCopy = _.extend({}, USER_0); + // userCopy.groupIds = []; + // validateUser(all[0], userCopy); + + // userCopy = _.extend({}, USER_1); + // userCopy.groupIds = []; + // validateUser(all[1], userCopy); + + // userdb.getAllWithGroupIdsPaged(null, 2, 2, function (error, all) { + // expect(error).to.not.be.ok(); + // expect(all.length).to.equal(1); + + // var userCopy; + + // userCopy = _.extend({}, USER_2); + // userCopy.groupIds = []; + // validateUser(all[0], userCopy); + + // done(); + // }); + // }); + // }); + + // it('can get all with group ids paged and search', function (done) { + // userdb.getAllWithGroupIdsPaged('id1', 1, 2, function (error, all) { + // expect(error).to.not.be.ok(); + // expect(all.length).to.equal(1); + + // var 
userCopy; + + // userCopy = _.extend({}, USER_1); + // userCopy.groupIds = []; + // validateUser(all[0], userCopy); + + // done(); + // }); + // }); + + // it('can get all admins', function (done) { + // userdb.getByRole('owner', function (error) { + // expect(error).to.be.ok(); + // expect(error.reason).to.be(BoxError.NOT_FOUND); + // done(); + // }); + // }); + + // it('counts the users', function (done) { + // userdb.count(function (error, count) { + // expect(error).to.not.be.ok(); + // expect(count).to.equal(3); + // done(); + // }); + // }); + + // it('can get all users', function (done) { + // userdb.getByRole('user', function (error, all) { + // expect(error).to.not.be.ok(); + // expect(all.length).to.equal(3); + // done(); + // }); + // }); + + // it('can update the user', function (done) { + // userdb.update(USER_0.id, { email: 'some@thing.com', displayName: 'Heiter' }, function (error) { + // expect(error).to.not.be.ok(); + // userdb.get(USER_0.id, function (error, user) { + // expect(user.email).to.equal('some@thing.com'); + // expect(user.displayName).to.equal('Heiter'); + // done(); + // }); + // }); + // }); + + // it('can update the user with already existing email', function (done) { + // userdb.update(USER_0.id, { email: USER_2.email }, function (error) { + // expect(error).to.be.ok(); + // expect(error.reason).to.be(BoxError.ALREADY_EXISTS); + // expect(error.message).to.equal('email already exists'); + // done(); + // }); + // }); + + // it('can update the user with already existing username', function (done) { + // userdb.update(USER_0.id, { username: USER_2.username }, function (error) { + // expect(error).to.be.ok(); + // expect(error.reason).to.be(BoxError.ALREADY_EXISTS); + // expect(error.message).to.equal('username already exists'); + // done(); + // }); + // }); + + // it('cannot update with null field', function () { + // expect(function () { + // userdb.update(USER_0.id, { email: null }, function () {}); + // }).to.throwError(); + // 
}); + // }); + describe('getOwner', function() { before(cleanupUsers); - after(cleanupUsers); - it('fails because there is no owner', function (done) { - users.getOwner(function (error) { - expect(error.reason).to.be(BoxError.NOT_FOUND); - done(); - }); + it('fails because there is no owner', async function () { + const owner = await users.getOwner(); + expect(owner).to.be(null); }); - it('succeeds', function (done) { - createOwner(function (error) { - if (error) return done(error); + it('getOwner succeeds', async function () { + const id = await users.add(ADMIN.email, ADMIN, AUDIT_SOURCE); + ADMIN.id = id; + const owner = await users.getOwner(); + checkUser(owner, ADMIN); + }); - users.getOwner(function (error, owner) { - expect(error).to.be(null); - expect(owner.email).to.be(EMAIL.toLowerCase()); - done(); - }); - }); + it('getSuperadmins succeeds', async function () { + const results = await users.getSuperadmins(); + expect(results.length).to.be(1); + checkUser(results[0], ADMIN); + }); + + it('getAdmins succeeds', async function () { + const results = await users.getAdmins(); + expect(results.length).to.be(1); + checkUser(results[0], ADMIN); }); }); describe('verify', function () { before(createOwner); - after(cleanupUsers); - it('fails due to non existing user', function (done) { - users.verify('somerandomid', PASSWORD, users.AP_WEBADMIN, function (error, result) { - expect(error).to.be.ok(); - expect(result).to.not.be.ok(); - expect(error.reason).to.equal(BoxError.NOT_FOUND); - - done(); - }); + it('fails due to non existing user', async function () { + const [error] = await safe(users.verify('somerandomid', 'somepassword', users.AP_WEBADMIN)); + expect(error.reason).to.equal(BoxError.NOT_FOUND); }); - it('fails due to empty password', function (done) { - users.verify(userObject.id, '', users.AP_WEBADMIN, function (error, result) { - expect(error).to.be.ok(); - expect(result).to.not.be.ok(); - expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); - - 
done(); - }); + it('fails due to empty password', async function () { + const [error] = await safe(users.verify(ADMIN.id, '', users.AP_WEBADMIN)); + expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); }); - it('fails due to wrong password', function (done) { - users.verify(userObject.id, PASSWORD+PASSWORD, users.AP_WEBADMIN, function (error, result) { - expect(error).to.be.ok(); - expect(result).to.not.be.ok(); - expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); - - done(); - }); + it('fails due to wrong password', async function () { + const [error] = await safe(users.verify(ADMIN.id, ADMIN.password+'x', users.AP_WEBADMIN)); + expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); }); - it('succeeds', function (done) { - users.verify(userObject.id, PASSWORD, users.AP_WEBADMIN, function (error, result) { - expect(error).to.not.be.ok(); - expect(result).to.be.ok(); - - done(); - }); + it('succeeds', async function () { + const result = await users.verify(ADMIN.id, ADMIN.password, users.AP_WEBADMIN); + expect(result).to.be.ok(); + expect(result.appPassword).to.not.be.ok(); + expect(result.ghost).to.not.be.ok(); }); - it('fails for ghost if not enabled', function (done) { - users.verify(userObject.id, 'foobar', users.AP_WEBADMIN, function (error) { - expect(error).to.be.a(BoxError); - expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); - done(); - }); + it('fails for ghost if not enabled', async function () { + const [error] = await safe(users.verify(ADMIN.id, 'foobar', users.AP_WEBADMIN)); + expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); }); - it('fails for ghost with wrong password', function (done) { - var ghost = { }; - ghost[userObject.username] = 'testpassword'; + it('fails for ghost with wrong password', async function () { + let ghost = { }; + ghost[ADMIN.username] = 'testpassword'; + await fs.promises.writeFile(paths.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8'); + + const [error] = await 
safe(users.verify(ADMIN.id, 'foobar', users.AP_WEBADMIN)); + await fs.promises.unlink(paths.GHOST_USER_FILE); + + expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); + }); + + it('succeeds for ghost', async function () { + let ghost = { }; + ghost[ADMIN.username] = 'testpassword'; + await fs.promises.writeFile(paths.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8'); + + const result = await users.verify(ADMIN.id, 'testpassword', users.AP_WEBADMIN); + if (fs.existsSync(paths.GHOST_USER_FILE)) throw new Error('Ghost file exists after verification'); + + expect(result.id).to.equal(ADMIN.id); + expect(result.ghost).to.be(true); + }); + + it('succeeds for normal user password when ghost file exists', async function () { + let ghost = { }; + ghost[ADMIN.username] = 'testpassword'; fs.writeFileSync(paths.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8'); - users.verify(userObject.id, 'foobar', users.AP_WEBADMIN, function (error) { - fs.unlinkSync(paths.GHOST_USER_FILE); - - expect(error).to.be.a(BoxError); - expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); - done(); - }); - }); - - it('succeeds for ghost', function (done) { - var ghost = { }; - ghost[userObject.username] = 'testpassword'; - fs.writeFileSync(paths.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8'); - - users.verify(userObject.id, 'testpassword', users.AP_WEBADMIN, function (error, result) { - if (fs.existsSync(paths.GHOST_USER_FILE)) return done(new Error('Ghost file exists after verification')); - - expect(error).to.equal(null); - expect(result.id).to.equal(userObject.id); - expect(result.username).to.equal(userObject.username); - expect(result.email).to.equal(userObject.email); - expect(result.displayName).to.equal(userObject.displayName); - - done(); - }); - }); - - it('succeeds for normal user password when ghost file exists', function (done) { - var ghost = { }; - ghost[userObject.username] = 'testpassword'; - fs.writeFileSync(paths.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8'); - - 
users.verify(userObject.id, PASSWORD, users.AP_WEBADMIN, function (error, result) { - if (!fs.existsSync(paths.GHOST_USER_FILE)) return done(new Error('Ghost file went way without verification')); - - expect(error).to.not.be.ok(); - expect(result).to.be.ok(); - - done(); - }); + const result = await users.verify(ADMIN.id, ADMIN.password, users.AP_WEBADMIN); + if (!fs.existsSync(paths.GHOST_USER_FILE)) throw new Error('Ghost file went way without verification'); + expect(result.id).to.equal(ADMIN.id); + expect(result.ghost).to.not.be.ok(); }); }); describe('verifyWithUsername', function () { before(createOwner); - after(cleanupUsers); - it('fails due to non existing username', function (done) { - users.verifyWithUsername(USERNAME+USERNAME, PASSWORD, users.AP_WEBADMIN, function (error, result) { - expect(error).to.be.ok(); - expect(result).to.not.be.ok(); - expect(error.reason).to.equal(BoxError.NOT_FOUND); - - done(); - }); + it('fails due to non existing username', async function () { + const [error] = await safe(users.verifyWithUsername('someusername', 'somepass', users.AP_WEBADMIN)); + expect(error.reason).to.equal(BoxError.NOT_FOUND); }); - it('fails due to empty password', function (done) { - users.verifyWithUsername(USERNAME, '', users.AP_WEBADMIN, function (error, result) { - expect(error).to.be.ok(); - expect(result).to.not.be.ok(); - expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); - - done(); - }); + it('fails due to empty password', async function () { + const [error] = await safe(users.verifyWithUsername(ADMIN.username, '', users.AP_WEBADMIN)); + expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); }); - it('fails due to wrong password', function (done) { - users.verifyWithUsername(USERNAME, PASSWORD+PASSWORD, users.AP_WEBADMIN, function (error, result) { - expect(error).to.be.ok(); - expect(result).to.not.be.ok(); - expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); - - done(); - }); + it('fails due to wrong password', 
async function () { + const [error] = await safe(users.verifyWithUsername(ADMIN.username, 'somepass', users.AP_WEBADMIN)); + expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); }); - it('succeeds', function (done) { - users.verifyWithUsername(USERNAME, PASSWORD, users.AP_WEBADMIN, function (error, result) { - expect(error).to.not.be.ok(); - expect(result).to.be.ok(); - - done(); - }); + it('succeeds', async function () { + const result = await users.verifyWithUsername(ADMIN.username, ADMIN.password, users.AP_WEBADMIN); + expect(result.id).to.equal(ADMIN.id); }); - it('succeeds for different username case', function (done) { - users.verifyWithUsername(USERNAME.toUpperCase(), PASSWORD, users.AP_WEBADMIN, function (error, result) { - expect(error).to.not.be.ok(); - expect(result).to.be.ok(); - - done(); - }); + it('succeeds for different username case', async function () { + const result = await users.verifyWithUsername(ADMIN.username.toUpperCase(), ADMIN.password, users.AP_WEBADMIN); + expect(result.id).to.equal(ADMIN.id); }); - it('fails for ghost with wrong password', function (done) { - var ghost = { }; - ghost[userObject.username] = 'testpassword'; + it('fails for ghost with wrong password', async function () { + let ghost = { }; + ghost[ADMIN.username] = 'testpassword'; fs.writeFileSync(paths.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8'); - users.verifyWithUsername(USERNAME, 'foobar', users.AP_WEBADMIN, function (error) { - if (!fs.existsSync(paths.GHOST_USER_FILE)) return done(new Error('Ghost file went way without verification')); - fs.unlinkSync(paths.GHOST_USER_FILE); + const [error] = await safe(users.verifyWithUsername(ADMIN.username, 'foobar', users.AP_WEBADMIN)); + if (!fs.existsSync(paths.GHOST_USER_FILE)) throw new Error('Ghost file went way without verification'); + fs.unlinkSync(paths.GHOST_USER_FILE); - expect(error).to.be.a(BoxError); - expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); - done(); - }); + console.log(error); + 
expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); }); - it('succeeds for ghost', function (done) { - var ghost = { }; - ghost[userObject.username] = 'testpassword'; + it('succeeds for ghost', async function () { + let ghost = { }; + ghost[ADMIN.username] = 'testpassword'; fs.writeFileSync(paths.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8'); - users.verifyWithUsername(USERNAME, 'testpassword', users.AP_WEBADMIN, function (error, result) { - if (fs.existsSync(paths.GHOST_USER_FILE)) return done(new Error('Ghost file still around!')); - - expect(error).to.equal(null); - expect(result.id).to.equal(userObject.id); - expect(result.username).to.equal(userObject.username); - expect(result.email).to.equal(userObject.email); - expect(result.displayName).to.equal(userObject.displayName); - - done(); - }); + const result = await users.verifyWithUsername(ADMIN.username, 'testpassword', users.AP_WEBADMIN); + if (fs.existsSync(paths.GHOST_USER_FILE)) throw new Error('Ghost file still around!'); + expect(result.id).to.equal(ADMIN.id); + expect(result.ghost).to.be(true); }); }); describe('verifyWithEmail', function () { before(createOwner); - after(cleanupUsers); - it('fails due to non existing user', function (done) { - users.verifyWithEmail(EMAIL+EMAIL, PASSWORD, users.AP_WEBADMIN, function (error, result) { - expect(error).to.be.ok(); - expect(result).to.not.be.ok(); - expect(error.reason).to.equal(BoxError.NOT_FOUND); - - done(); - }); + it('fails due to non existing user', async function () { + const [error] = await safe(users.verifyWithEmail('bad@email.com', ADMIN.password, users.AP_WEBADMIN)); + expect(error.reason).to.equal(BoxError.NOT_FOUND); }); - it('fails due to empty password', function (done) { - users.verifyWithEmail(EMAIL, '', users.AP_WEBADMIN, function (error, result) { - expect(error).to.be.ok(); - expect(result).to.not.be.ok(); - expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); - - done(); - }); + it('fails due to empty password', async 
function () { + const [error] = await safe(users.verifyWithEmail(ADMIN.email, '', users.AP_WEBADMIN)); + expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); }); - it('fails due to wrong password', function (done) { - users.verifyWithEmail(EMAIL, PASSWORD+PASSWORD, users.AP_WEBADMIN, function (error, result) { - expect(error).to.be.ok(); - expect(result).to.not.be.ok(); - expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); - - done(); - }); + it('fails due to wrong password', async function () { + const [error] = await safe(users.verifyWithEmail(ADMIN.email, 'badpassword', users.AP_WEBADMIN)); + expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); }); - it('succeeds', function (done) { - users.verifyWithEmail(EMAIL, PASSWORD, users.AP_WEBADMIN, function (error, result) { - expect(error).to.not.be.ok(); - expect(result).to.be.ok(); - - done(); - }); + it('succeeds', async function () { + const result = await users.verifyWithEmail(ADMIN.email, ADMIN.password, users.AP_WEBADMIN); + expect(result.id).to.be(ADMIN.id); }); - it('succeeds for different email case', function (done) { - users.verifyWithEmail(EMAIL.toUpperCase(), PASSWORD, users.AP_WEBADMIN, function (error, result) { - expect(error).to.not.be.ok(); - expect(result).to.be.ok(); - - done(); - }); + it('succeeds for different email case', async function () { + const result = await users.verifyWithEmail(ADMIN.email.toUpperCase(), ADMIN.password, users.AP_WEBADMIN); + expect(result.id).to.be(ADMIN.id); }); - it('fails for ghost with wrong password', function (done) { - var ghost = { }; - ghost[userObject.username] = 'testpassword'; + it('fails for ghost with wrong password', async function () { + let ghost = { }; + ghost[ADMIN.username] = 'testpassword'; fs.writeFileSync(paths.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8'); - users.verifyWithEmail(EMAIL, 'foobar', users.AP_WEBADMIN, function (error) { - if (!fs.existsSync(paths.GHOST_USER_FILE)) return done(new Error('Ghost file not 
found after failed login!')); - fs.unlinkSync(paths.GHOST_USER_FILE); + const [error] = await safe(users.verifyWithEmail(ADMIN.email, 'foobar', users.AP_WEBADMIN)); + if (!fs.existsSync(paths.GHOST_USER_FILE)) throw new Error('Ghost file not found after failed login!'); + fs.unlinkSync(paths.GHOST_USER_FILE); - expect(error).to.be.a(BoxError); - expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); - done(); - }); + expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); }); - it('succeeds for ghost', function (done) { - var ghost = { }; - ghost[userObject.username] = 'testpassword'; + it('succeeds for ghost', async function () { + let ghost = { }; + ghost[ADMIN.username] = 'testpassword'; fs.writeFileSync(paths.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8'); - users.verifyWithEmail(EMAIL, 'testpassword', users.AP_WEBADMIN, function (error, result) { - if (fs.existsSync(paths.GHOST_USER_FILE)) return done(new Error('Ghost file still around!')); + const result = await users.verifyWithEmail(ADMIN.email, 'testpassword', users.AP_WEBADMIN); + if (fs.existsSync(paths.GHOST_USER_FILE)) throw new Error('Ghost file still around!'); - expect(error).to.equal(null); - expect(result.id).to.equal(userObject.id); - expect(result.username).to.equal(userObject.username); - expect(result.email).to.equal(userObject.email); - expect(result.displayName).to.equal(userObject.displayName); - - done(); - }); + expect(result.id).to.equal(ADMIN.id); + expect(result.ghost).to.equal(true); }); }); - describe('active', function () { - before(createOwner); - after(cleanupUsers); + // describe('active', function () { + // before(createOwner); + // after(cleanupUsers); - it('verify fails for inactive user', function (done) { - users.update(userObject, { active: false }, AUDIT_SOURCE, function (error) { - expect(error).to.not.be.ok(); + // it('verify fails for inactive user', function (done) { + // users.update(userObject, { active: false }, AUDIT_SOURCE, function (error) { + // 
expect(error).to.not.be.ok(); - users.verify(userObject.id, PASSWORD, users.AP_WEBADMIN, function (error) { - expect(error).to.be.ok(); - expect(error.reason).to.equal(BoxError.NOT_FOUND); + // users.verify(userObject.id, PASSWORD, users.AP_WEBADMIN, function (error) { + // expect(error).to.be.ok(); + // expect(error.reason).to.equal(BoxError.NOT_FOUND); - done(); - }); - }); - }); + // done(); + // }); + // }); + // }); - it('verify succeeds for inactive user', function (done) { - users.update(userObject, { active: true }, AUDIT_SOURCE, function (error) { - expect(error).to.not.be.ok(); + // it('verify succeeds for inactive user', function (done) { + // users.update(userObject, { active: true }, AUDIT_SOURCE, function (error) { + // expect(error).to.not.be.ok(); - users.verify(userObject.id, PASSWORD, users.AP_WEBADMIN, function (error) { - expect(error).to.not.be.ok(); + // users.verify(userObject.id, PASSWORD, users.AP_WEBADMIN, function (error) { + // expect(error).to.not.be.ok(); - done(); - }); - }); - }); - }); + // done(); + // }); + // }); + // }); + // }); - describe('retrieving', function () { - before(createOwner); - after(cleanupUsers); + // describe('retrieving', function () { + // before(createOwner); + // after(cleanupUsers); - it('fails due to non existing user', function (done) { - users.get('some non existing username', function (error, result) { - expect(error).to.be.ok(); - expect(result).to.not.be.ok(); + // it('fails due to non existing user', function (done) { + // users.get('some non existing username', function (error, result) { + // expect(error).to.be.ok(); + // expect(result).to.not.be.ok(); - done(); - }); - }); + // done(); + // }); + // }); - it('succeeds', function (done) { - users.get(userObject.id, function (error, result) { - expect(error).to.not.be.ok(); - expect(result).to.be.ok(); - expect(result.id).to.equal(userObject.id); - expect(result.email).to.equal(EMAIL.toLowerCase()); - 
expect(result.fallbackEmail).to.equal(EMAIL.toLowerCase()); - expect(result.username).to.equal(USERNAME.toLowerCase()); - expect(result.displayName).to.equal(DISPLAY_NAME); + // it('succeeds', function (done) { + // users.get(userObject.id, function (error, result) { + // expect(error).to.not.be.ok(); + // expect(result).to.be.ok(); + // expect(result.id).to.equal(userObject.id); + // expect(result.email).to.equal(EMAIL.toLowerCase()); + // expect(result.fallbackEmail).to.equal(EMAIL.toLowerCase()); + // expect(result.username).to.equal(USERNAME.toLowerCase()); + // expect(result.displayName).to.equal(DISPLAY_NAME); - done(); - }); - }); - }); + // done(); + // }); + // }); + // }); - describe('update', function () { - before(createOwner); - after(cleanupUsers); + // describe('update', function () { + // before(createOwner); + // after(cleanupUsers); - it('fails due to unknown userid', function (done) { - var data = { username: USERNAME_NEW, email: EMAIL_NEW, displayName: DISPLAY_NAME_NEW }; - users.update(_.extend({}, userObject, { id: 'random' }), data, AUDIT_SOURCE, function (error) { - expect(error).to.be.a(BoxError); - expect(error.reason).to.equal(BoxError.NOT_FOUND); + // it('fails due to unknown userid', function (done) { + // var data = { username: USERNAME_NEW, email: EMAIL_NEW, displayName: DISPLAY_NAME_NEW }; + // users.update(_.extend({}, userObject, { id: 'random' }), data, AUDIT_SOURCE, function (error) { + // expect(error).to.be.a(BoxError); + // expect(error.reason).to.equal(BoxError.NOT_FOUND); - done(); - }); - }); + // done(); + // }); + // }); - it('fails due to invalid email', function (done) { - var data = { username: USERNAME_NEW, email: 'brokenemailaddress', displayName: DISPLAY_NAME_NEW }; - users.update(userObject, data, AUDIT_SOURCE, function (error) { - expect(error).to.be.a(BoxError); - expect(error.reason).to.equal(BoxError.BAD_FIELD); + // it('fails due to invalid email', function (done) { + // var data = { username: USERNAME_NEW, 
email: 'brokenemailaddress', displayName: DISPLAY_NAME_NEW }; + // users.update(userObject, data, AUDIT_SOURCE, function (error) { + // expect(error).to.be.a(BoxError); + // expect(error.reason).to.equal(BoxError.BAD_FIELD); - done(); - }); - }); + // done(); + // }); + // }); - it('succeeds', function (done) { - var data = { username: USERNAME_NEW, email: EMAIL_NEW, displayName: DISPLAY_NAME_NEW }; + // it('succeeds', function (done) { + // var data = { username: USERNAME_NEW, email: EMAIL_NEW, displayName: DISPLAY_NAME_NEW }; - users.update(userObject, data, AUDIT_SOURCE, function (error) { - expect(error).to.not.be.ok(); + // users.update(userObject, data, AUDIT_SOURCE, function (error) { + // expect(error).to.not.be.ok(); - users.get(userObject.id, function (error, result) { - expect(error).to.not.be.ok(); - expect(result).to.be.ok(); - expect(result.email).to.equal(EMAIL_NEW.toLowerCase()); - expect(result.username).to.equal(USERNAME_NEW.toLowerCase()); - expect(result.displayName).to.equal(DISPLAY_NAME_NEW); + // users.get(userObject.id, function (error, result) { + // expect(error).to.not.be.ok(); + // expect(result).to.be.ok(); + // expect(result.email).to.equal(EMAIL_NEW.toLowerCase()); + // expect(result.username).to.equal(USERNAME_NEW.toLowerCase()); + // expect(result.displayName).to.equal(DISPLAY_NAME_NEW); - done(); - }); - }); - }); + // done(); + // }); + // }); + // }); - it('succeeds with same data', function (done) { - var data = { username: USERNAME_NEW, email: EMAIL_NEW, displayName: DISPLAY_NAME_NEW }; + // it('succeeds with same data', function (done) { + // var data = { username: USERNAME_NEW, email: EMAIL_NEW, displayName: DISPLAY_NAME_NEW }; - users.update(userObject, data, AUDIT_SOURCE, function (error) { - expect(error).to.not.be.ok(); + // users.update(userObject, data, AUDIT_SOURCE, function (error) { + // expect(error).to.not.be.ok(); - users.get(userObject.id, function (error, result) { - expect(error).to.not.be.ok(); - 
expect(result).to.be.ok(); - expect(result.email).to.equal(EMAIL_NEW.toLowerCase()); - expect(result.username).to.equal(USERNAME_NEW.toLowerCase()); - expect(result.displayName).to.equal(DISPLAY_NAME_NEW); + // users.get(userObject.id, function (error, result) { + // expect(error).to.not.be.ok(); + // expect(result).to.be.ok(); + // expect(result.email).to.equal(EMAIL_NEW.toLowerCase()); + // expect(result.username).to.equal(USERNAME_NEW.toLowerCase()); + // expect(result.displayName).to.equal(DISPLAY_NAME_NEW); - done(); - }); - }); - }); - }); + // done(); + // }); + // }); + // }); + // }); - describe('get admins', function () { - before(createOwner); - after(cleanupUsers); + // describe('get admins', function () { + // before(createOwner); + // after(cleanupUsers); - it('succeeds for one admins', function (done) { - users.getAdmins(function (error, admins) { - expect(error).to.eql(null); - expect(admins.length).to.equal(1); - expect(admins[0].username).to.equal(USERNAME.toLowerCase()); - done(); - }); - }); + // it('succeeds for one admins', function (done) { + // users.getAdmins(function (error, admins) { + // expect(error).to.eql(null); + // expect(admins.length).to.equal(1); + // expect(admins[0].username).to.equal(USERNAME.toLowerCase()); + // done(); + // }); + // }); - it('succeeds for two admins', function (done) { - var user1 = { - username: 'seconduser', - password: 'Adfasdkjf#$%43', - email: 'some@thi.ng', - role: users.ROLE_ADMIN - }; + // it('succeeds for two admins', function (done) { + // var user1 = { + // username: 'seconduser', + // password: 'Adfasdkjf#$%43', + // email: 'some@thi.ng', + // role: users.ROLE_ADMIN + // }; - users.create(user1.username, user1.password, user1.email, DISPLAY_NAME, { role: users.ROLE_ADMIN }, AUDIT_SOURCE, function (error, result) { - expect(error).to.not.be.ok(); - expect(result).to.be.ok(); + // users.create(user1.username, user1.password, user1.email, DISPLAY_NAME, { role: users.ROLE_ADMIN }, AUDIT_SOURCE, 
function (error, result) { + // expect(error).to.not.be.ok(); + // expect(result).to.be.ok(); - user1.id = result.id; + // user1.id = result.id; - users.update(user1, { role: users.ROLE_ADMIN }, AUDIT_SOURCE, function (error) { - expect(error).to.eql(null); + // users.update(user1, { role: users.ROLE_ADMIN }, AUDIT_SOURCE, function (error) { + // expect(error).to.eql(null); - users.getAdmins(function (error, admins) { - expect(error).to.eql(null); - expect(admins.length).to.equal(2); - expect(admins[0].username).to.equal(USERNAME.toLowerCase()); - expect(admins[1].username).to.equal(user1.username.toLowerCase()); + // users.getAdmins(function (error, admins) { + // expect(error).to.eql(null); + // expect(admins.length).to.equal(2); + // expect(admins[0].username).to.equal(USERNAME.toLowerCase()); + // expect(admins[1].username).to.equal(user1.username.toLowerCase()); - done(); - }); - }); - }); - }); - }); + // done(); + // }); + // }); + // }); + // }); + // }); - describe('activated', function () { - after(cleanupUsers); + // describe('activated', function () { + // after(cleanupUsers); - it('succeeds with no users', function (done) { - users.isActivated(function (error, activated) { - expect(error).to.not.be.ok(); - expect(activated).to.be(false); - done(); - }); - }); + // it('succeeds with no users', function (done) { + // users.isActivated(function (error, activated) { + // expect(error).to.not.be.ok(); + // expect(activated).to.be(false); + // done(); + // }); + // }); - it('create users', function (done) { - createOwner(done); - }); + // it('create users', function (done) { + // createOwner(done); + // }); - it('succeeds with users', function (done) { - users.isActivated(function (error, activated) { - expect(error).to.not.be.ok(); - expect(activated).to.be(true); - done(); - }); - }); - }); + // it('succeeds with users', function (done) { + // users.isActivated(function (error, activated) { + // expect(error).to.not.be.ok(); + // 
expect(activated).to.be(true); + // done(); + // }); + // }); + // }); - describe('set password', function () { - before(createOwner); - after(cleanupUsers); + // describe('set password', function () { + // before(createOwner); + // after(cleanupUsers); - it('fails due to unknown user', function (done) { - users.setPassword(_.extend({}, userObject, { id: 'doesnotexist' }), NEW_PASSWORD, function (error) { - expect(error).to.be.ok(); - done(); - }); - }); + // it('fails due to unknown user', function (done) { + // users.setPassword(_.extend({}, userObject, { id: 'doesnotexist' }), NEW_PASSWORD, function (error) { + // expect(error).to.be.ok(); + // done(); + // }); + // }); - it('fails due to empty password', function (done) { - users.setPassword(userObject, '', function (error) { - expect(error).to.be.ok(); - done(); - }); - }); + // it('fails due to empty password', function (done) { + // users.setPassword(userObject, '', function (error) { + // expect(error).to.be.ok(); + // done(); + // }); + // }); - it('fails due to invalid password', function (done) { - users.setPassword(userObject, 'foobar', function (error) { - expect(error).to.be.ok(); - done(); - }); - }); + // it('fails due to invalid password', function (done) { + // users.setPassword(userObject, 'foobar', function (error) { + // expect(error).to.be.ok(); + // done(); + // }); + // }); - it('succeeds', function (done) { - users.setPassword(userObject, NEW_PASSWORD, function (error) { - expect(error).to.not.be.ok(); - done(); - }); - }); + // it('succeeds', function (done) { + // users.setPassword(userObject, NEW_PASSWORD, function (error) { + // expect(error).to.not.be.ok(); + // done(); + // }); + // }); - it('actually changed the password (unable to login with old pasword)', function (done) { - users.verify(userObject.id, PASSWORD, users.AP_WEBADMIN, function (error, result) { - expect(error).to.be.ok(); - expect(result).to.not.be.ok(); - expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); - 
done(); - }); - }); + // it('actually changed the password (unable to login with old pasword)', function (done) { + // users.verify(userObject.id, PASSWORD, users.AP_WEBADMIN, function (error, result) { + // expect(error).to.be.ok(); + // expect(result).to.not.be.ok(); + // expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS); + // done(); + // }); + // }); - it('actually changed the password (login with new password)', function (done) { - users.verify(userObject.id, NEW_PASSWORD, users.AP_WEBADMIN, function (error, result) { - expect(error).to.not.be.ok(); - expect(result).to.be.ok(); - done(); - }); - }); - }); + // it('actually changed the password (login with new password)', function (done) { + // users.verify(userObject.id, NEW_PASSWORD, users.AP_WEBADMIN, function (error, result) { + // expect(error).to.not.be.ok(); + // expect(result).to.be.ok(); + // done(); + // }); + // }); + // }); - describe('sendPasswordResetByIdentifier', function () { - before(createOwner); - after(cleanupUsers); + // describe('sendPasswordResetByIdentifier', function () { + // before(createOwner); + // after(cleanupUsers); - it('fails due to unkown email', function (done) { - users.sendPasswordResetByIdentifier('unknown@mail.com', function (error) { - expect(error).to.be.an(BoxError); - expect(error.reason).to.eql(BoxError.NOT_FOUND); - done(); - }); - }); + // it('fails due to unkown email', function (done) { + // users.sendPasswordResetByIdentifier('unknown@mail.com', function (error) { + // expect(error).to.be.an(BoxError); + // expect(error.reason).to.eql(BoxError.NOT_FOUND); + // done(); + // }); + // }); - it('fails due to unkown username', function (done) { - users.sendPasswordResetByIdentifier('unknown', function (error) { - expect(error).to.be.an(BoxError); - expect(error.reason).to.eql(BoxError.NOT_FOUND); - done(); - }); - }); + // it('fails due to unkown username', function (done) { + // users.sendPasswordResetByIdentifier('unknown', function (error) { + // 
expect(error).to.be.an(BoxError); + // expect(error.reason).to.eql(BoxError.NOT_FOUND); + // done(); + // }); + // }); - it('succeeds with email', function (done) { - users.sendPasswordResetByIdentifier(EMAIL, function (error) { - expect(error).to.not.be.ok(); - checkMails(1, done); - }); - }); + // it('succeeds with email', function (done) { + // users.sendPasswordResetByIdentifier(EMAIL, function (error) { + // expect(error).to.not.be.ok(); + // checkMails(1, done); + // }); + // }); - it('succeeds with username', function (done) { - users.sendPasswordResetByIdentifier(USERNAME, function (error) { - expect(error).to.not.be.ok(); - checkMails(1, done); - }); - }); - }); + // it('succeeds with username', function (done) { + // users.sendPasswordResetByIdentifier(USERNAME, function (error) { + // expect(error).to.not.be.ok(); + // checkMails(1, done); + // }); + // }); + // }); - describe('invite', function () { - before(createOwner); - after(cleanupUsers); + // describe('invite', function () { + // before(createOwner); + // after(cleanupUsers); - it('fails as expected', function (done) { - users.sendInvite(userObject, { }, function (error) { - expect(error).to.be.ok(); // have to create resetToken first - done(); - }); - }); + // it('fails as expected', function (done) { + // users.sendInvite(userObject, { }, function (error) { + // expect(error).to.be.ok(); // have to create resetToken first + // done(); + // }); + // }); - it('can create token', function (done) { - users.createInvite(userObject, function (error, resetToken) { - expect(error).to.be(null); - expect(resetToken).to.be.ok(); - done(); - }); - }); + // it('can create token', function (done) { + // users.createInvite(userObject, function (error, resetToken) { + // expect(error).to.be(null); + // expect(resetToken).to.be.ok(); + // done(); + // }); + // }); - it('send invite', function (done) { - users.sendInvite(userObject, { }, function (error) { - expect(error).to.be(null); - checkMails(1, done); - 
}); - }); - }); + // it('send invite', function (done) { + // users.sendInvite(userObject, { }, function (error) { + // expect(error).to.be(null); + // checkMails(1, done); + // }); + // }); + // }); - describe('remove', function () { - before(createOwner); - after(cleanupUsers); + // describe('remove', function () { + // before(createOwner); + // after(cleanupUsers); - it('fails for unknown user', async function () { - const [error] = await safe(users.del(_.extend({}, userObject, { id: 'unknown' }), AUDIT_SOURCE)); - expect(error.reason).to.be(BoxError.NOT_FOUND); - }); + // it('fails for unknown user', async function () { + // const [error] = await safe(users.del(_.extend({}, userObject, { id: 'unknown' }), AUDIT_SOURCE)); + // expect(error.reason).to.be(BoxError.NOT_FOUND); + // }); - it('can remove valid user', async function () { - await users.del(userObject, AUDIT_SOURCE); - }); + // it('can remove valid user', async function () { + // await users.del(userObject, AUDIT_SOURCE); + // }); - it('can re-create user after user was removed', createOwner); - }); + // it('can re-create user after user was removed', createOwner); + // }); }); diff --git a/src/users.js b/src/users.js index 22ed8b94d..1ea9a9425 100644 --- a/src/users.js +++ b/src/users.js @@ -13,6 +13,7 @@ exports = module.exports = { get, getByResetToken, getByUsername, + getByEmail, getOwner, getAdmins, getSuperadmins, @@ -240,7 +241,7 @@ async function add(email, data, auditSource) { eventlog.add(eventlog.ACTION_USER_ADD, auditSource, { userId: user.id, email: user.email, user: removePrivateFields(user) }); - return user; + return user.id; } // returns true if ghost user was matched
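Review bot: The new `return user.id;` in `add()` silently changes the return contract from the user record to a bare id, so any caller that still reads `result.id` or another field off the result gets `undefined` instead of an error. Returning only the id is the narrower choice: the context line above passes the record through `removePrivateFields` before logging it, which suggests the object carries fields that should not travel further than needed. I would state the contract at the return, e.g. `return user.id; // id only; callers that need the record call get(), the full object holds private fields`, and confirm that every caller of `add()`, and anything that forwards its result, was updated in this commit. The body of `add()` starts outside the hunk, so its callers and the rest of the function are not visible here.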